Control over personal data is a fundamental right of every individual. With organizations across the world collecting customer data in order to provide services, it is important that companies manage data in a transparent manner and with the customer's consent. GDPR stands for "General Data Protection Regulation". It is one of the most important changes made to data privacy regulations in the last two decades. It establishes a new framework for handling and protecting the personal data of EU-based residents and has been in effect since May 25, 2018. It gives the citizens of the EU greater control over their personal data and assures them that their information is protected.
Although GDPR is a data protection framework for the citizens residing in the EU, it also applies to all companies that handle personal data of individuals from the EU. This means that almost every major corporation in the world will need to be ready when GDPR comes into effect. If you or your organization stores and processes personal data in connection with services or goods offered in the EU, then the law applies to you as well. In the event of an infringement of these laws, you can face fines and penalties from 10 million to 20 million dollars or 2% to 4% of the annual revenue of the organization, whichever is higher.
We are fully committed to GDPR and hence have built product features for greater privacy and data control. As an organization, UserExperior has always implemented and practiced processes that ensure customer data is stored and processed only in the ways necessary to serve our customers in the best possible way. Our privacy, security and data storage policies are also aligned with the GDPR goals and objectives.
If you are a customer of UserExperior and your end users are citizens of the EU, you need to follow the steps below to comply with GDPR guidelines.
1. Ensure that the terms of use or privacy policy of your application clearly communicate to the user that you are using UserExperior in your app. You should also clearly mention the use of any other analytics tools.
2. You need to sign our Data Processing Agreement (DPA). Please download the DPA and send us the signed copy at legal@userexperior.com.
To ensure that we comply with the GDPR guidelines, we have made the following key changes to our product:
1. Right to be forgotten -- UserExperior lets you delete customer data permanently; once it is deleted, data from this user will never be captured for that app. A delete request must be routed via the admin, who validates that the requester is genuine.
2. No capturing of IP address -- UserExperior does not capture the IP address of your end users, so it cannot track your users' location. Within User we have a method setlocation(...) which needs the lat and long values to be passed by your app. We don't track your users' location.
3. Opt-in and opt-out -- Session recording for all users is opt-in; the SDK by default captures all sessions. If you want to modify this behavior, you can call the Opt-out method. This method will delete the user's captured sessions and will not record this user in the future.
4. Providing customers with a copy of their data -- UserExperior can help you retrieve a copy of your users' data on request. The request for a copy of the data has to come from the owner of your account, with the details of the user (the user id passed to UserExperior using the SetUserIdentifier() method) whose data is requested.
For any queries related to GDPR and compliance, please write to us at legal@userexperior.com.